Prerequisites

Please set up the identity of your VM, as depicted in the following screen.

CLI

To create a new Auth Method that authenticates using Azure Active Directory credentials, run the following command in your terminal with the relevant options set.

$ akeyless create-auth-method-azure-ad

Options:

-n, --name

Auth Method name

--access-expires[=0]

Access expiration date in Unix timestamp (select 0 for access without expiry date)

--bound-ips

A CIDR whitelist of the IPs that the access is restricted to

--bound-tenant-id

The Azure tenant id that the access is restricted to

--issuer[=https://sts.windows.net/---bound_tenant_id---]

Issuer URL

--jwks-uri[=https://login.microsoftonline.com/common/discovery/keys]

The URL to the JSON Web Key Set (JWKS) that contains the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server

--audience[=https://management.azure.com/]

The audience in the JWT

--bound-spid

A list of service principal IDs that the access is restricted to

--bound-group-id

A list of group ids that the access is restricted to

--bound-sub-id

A list of subscription ids that the access is restricted to

--bound-rg-id

A list of resource groups that the access is restricted to

--bound-providers

A list of resource providers that the access is restricted to (e.g., Microsoft.Compute, Microsoft.ManagedIdentity, etc.)

--bound-resource-types

A list of resource types that the access is restricted to (e.g., virtualMachines, userAssignedIdentities, etc.)

--bound-resource-id

A list of resource names that the access is restricted to (e.g., a virtual machine name, scale set name, etc.).

--bound-resource-names

A list of full resource ids that the access is restricted to
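To see which token values the audience and bound options above restrict, the following added example (not Akeyless code) decodes a managed-identity JWT and reports which bindings it would violate. The claim names `aud`, `tid`, `oid` and `xms_mirid` are Azure's; which claim Akeyless compares for each option is an assumption, all IDs are constructed, and the signature is not verified here (the service does that with the keys from the JWKS URI).

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def observed_values(claims):
    """Map token claims onto the CLI option names (this mapping is an assumption)."""
    parts = claims["xms_mirid"].strip("/").split("/")
    keys = [k.lower() for k in parts[0:5:2]]
    if len(parts) != 8 or keys != ["subscriptions", "resourcegroups", "providers"]:
        raise ValueError("unexpected xms_mirid format")
    return {"audience": claims["aud"], "bound-tenant-id": claims["tid"],
            "bound-spid": claims["oid"], "bound-sub-id": parts[1],
            "bound-rg-id": parts[3], "bound-providers": parts[5],
            "bound-resource-types": parts[6]}

def violated_bindings(claims, bindings):
    """Return the options whose allow-list does not contain the token's value."""
    seen = observed_values(claims)
    def ok(opt, allowed):  # aud matches exactly; Azure resource IDs ignore case
        fold = (lambda s: s) if opt == "audience" else str.casefold
        return fold(seen[opt]) in {fold(a) for a in allowed}
    return sorted(opt for opt, allowed in bindings.items() if not ok(opt, allowed))

# Constructed sample: made-up IDs shaped like a VM system-assigned identity token.
SAMPLE_CLAIMS = {
    "aud": "https://management.azure.com/",
    "tid": "11111111-1111-1111-1111-111111111111",
    "oid": "22222222-2222-2222-2222-222222222222",
    "xms_mirid": "/subscriptions/33333333-3333-3333-3333-333333333333/resourcegroups"
                 "/prod-rg/providers/Microsoft.Compute/virtualMachines/app-vm-01",
}

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}), _b64(SAMPLE_CLAIMS), "sig"])
# Constructed bindings: the resource-type restriction deliberately excludes VMs.
SAMPLE_BINDINGS = {
    "audience": ["https://management.azure.com/"],
    "bound-rg-id": ["PROD-RG"],
    "bound-resource-types": ["userAssignedIdentities"],
}

if __name__ == "__main__":
    print(violated_bindings(jwt_claims(SAMPLE_TOKEN), SAMPLE_BINDINGS))
```

Running it against a token fetched on the VM shows, before the Auth Method is created, whether the planned restrictions admit that identity and nothing broader.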

UI

To create new Azure Active Directory authentication credentials, go to the Auth Methods tab, click on new and select Azure AD.

